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(57)Abstract 



PROBLEM TO BE SOLVED: To prevent individual authentication 
information from being used illegally or altered by a 3rd person and to 
enable a management organ for individual information to confirm its 
contents at need. 

SOLUTION: A user sends an account opening request specifying an 
account kind to an account management server 5. The account 
management server 5 sends account information 1 1 accompanying 
the opening of a new account to the user 1 . The user 1 confirms the 
contents of the account information 1 1 and combines an open key 
certificate from CA(certification authority) to generate user's own 
individual authentication information 1 3. For the individual 
authentication information 1 3, an electronic signature 1 5 is generated 
with an individual secret key corresponding to the open key of the 
open key certificate. The individual authentication information 1 3 with 
the electronic signature is sent to the account management server 5. 
The account management server 1 5 verifies the electronic signature 
15 by using the open key certificate in the individual authentication 
information 13 to confirm the adequacy of the individual 
authentication information 13. The individual authentication 
information 13 is registered in an account information management 
DB 7 while the electronic signature 15 is added. The account 
management server 5 sends a message indicating the opening of the 
new account to the user 1, who confirms the message 1 7, thus 
completing a series of processing operations regarding the account 
opening request 
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[CLAIMS ] 
[Claim 1] 

Personal authentication information management 
system for the same information exchanged between users 
and information management institutions, characterized 
in comprising a generating means for generating a personal 
authentication information formed of intrinsic code 
information of said users and official password 
information of said users. 
[Claim 2] 

Personal authentication information management 
system as claimed in claim 1, characterized in that said 
generating means is provided in said users. 
[Claim 3] 

Personal authentication information management 
system as claimed in claim 1, characterized in that said 
personal authentication information is exchanged between 
said users and servers installed in said information 
management institutions. 
[Claim 4] 

Personal authentication information system as 
claimed in claim 1, characterized in that said personal 
authentication information is exchanged for dealings 
conducted between said users and said servers. 
[Claim 5] 

Personal authentication information management 
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'system as claimed in claim 4, characterized in that said 
dealing is an on-line dealing conducted between said users 
and said servers. 
[Claim 6] 

Personal authentication information management 
system as claimed in claim 1, characterized in that: 

said information management institutions are 
financial institutions; and 

said code information is the number information 
indicating the account number of user registered in said 
final institution. 
[Claim 7] 

Personal authentication information management 
system as claimed in claim 1, characterized in that said 
official password information has been acquired 
previously for use as the personal authentication 
information of a user itself from the certification 
authority as the third party. 
[Claim 8] 

Personal authentication information management 
system as claimed in claim 7 , characterized in that a 
personal secret password information corresponding to 
said official password information is further used. 
[Claim 9] 

Personal authentication information management 
system as claimed in claim 8, characterized in that said 
personal secret password information is used for 
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generation of electronic signature to be attached to the 
personal authentication information of said users. 
[Claim 10] 

Personal authentication information management 
system as claimed in any one of claims 1 to 9 , characterized 
in that said users are provided with; 

first means for sending account number registration 
request to said server; 

second means for sending an instruction message 
about the registered account number to said server; and 

third means for sending the personal authentication 
information with said generated electronic signature 
when said account number registration request or said 
instruction message is sent. 
[Claim 11] 

Personal authentication information management 
system as claimed in any one of claims 3 to 10, 
characterized in that said server is provided with a 
verifying means for verifying justice of the personal 
authentication information with said electronic 
signature by verifying said attached electronic 
signature using the official password information 
included in the personal authentication information 
transmitted by said third means. 
[Claim 12] 

Personal authentication information management 
system as claimed in claim 11, characterized in that said 
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'information management institution is provided with a 
storing means for registering said personal 
authentication information with electronic signature 
which is verified as the justified information by said 
verifying means. 
[Claim 13] 

Personal authentication information management 
system as claimed in any one of claims 3 to 12, 
characterized in that said server further comprises a 
verifying means for verifying justice of the instruction 
message transmitted by said second means depending on the 
official password information included in said 
registered personal authentication information and an 
executing means for executing such instruction content 
when justice of said instruction or message is verified. 
[Claim 14] 

Personal authentication information management 
system as claimed in claim 13, characterized in that said 
verifying means verifies justice of said instruction 
message by checking, based on said registered personal 
authentication information with electronic signature, 
whether the instruction message from said user is based 
on the instruction from a user itself who has registered 
the account number or not and checking whether instruction 
content is tampered or not by the third party. 
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* [0005] 

Therefore it is an object of the present invention 
to provide a personal authentication information 
management system in which there is no fear for use by 
the third party or tampering of content even when the 
personal authentication information is leaked and it is 
possible for the personal information management 
institution to verify the content of personal information 
as r equi r e d . 
[0006] 

[Means for Solving the Problems] 

The personal authentication information management 
system of the present invention relates to management of 
personal authentication information to be exchanged 
between users and information management institutions 
and is provided with a generating means for generating 
personal authentication information formed of the 
intrinsic code information of user and official password 
information of user. 
[0007] 

In the preferred embodiment of the present invention, 
the generating means is provided in user side. Personal 
authentication information is exchanged between a user 
and a server provided in information management 
institution. For example, such personal authentication 
information is exchanged for the dealing performed 
between a user and a server. As the dealing explained 
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above, an on-line dealing, for example, is conducted 
between a user and a server. 
[ 0008 ] 

The information management institution means a 
financial institution such as a bank or the like. 
Intrinsic code information of user means the number 
information indicating the account number of a user 
registered in a financial institution. 
[0009] 

The official password information explained above 
has been previously acquired for use as the personal 
authentication information of user itself from a 
certification authority (CA) working as the third party 
institution. The personal authentication information 
further includes a personal secret password information 
corresponding to this official password information. 
This personal secret password information is used for 
generation of electronic signature to be attached to the 
personal authentication information of user. 
[0010] 

With attachment of such electronic signature, 
illegal access to the account number of a user by the third 
party can be prevented and moreover alteration 
(tampering) of personal authentication information of 
user in the information management institution can also 
be prevented . 
[0011] 
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In the embodiment explained above, a user is provided, 
in addition to the generating means explained above, with 
a first means for sending an account number registering 
request to a server, a second means for sending in 
instruction message about the registered account number 
to the server and a third means for sending, to the server, 
the personal authentication information with electronic 
signature generated when the registration request or 
instruction message is sent. 
[ 0012 ] 

On the other hand, the server is provided with a 
verifying means for verifying justice, of the personal 
authentication information with electronic signature by 
verifying the attached electronic signature using the 
official password information included in the personal 
authentication information sent from said third means. 
The personal authentication information with electronic 
signature which is verified as the justified information 
by this verifying means is registered to the memory means 
provided in the information management institution. The 
server is also provided, in addition to the first to third 
means, with a verifying means for verifying justice of 
instruction message sent by the second means depending 
on the official password information included in the 
registered personal authentication information and an 
executing means for executing such instruction content 
when justice of instruction message is verified. 
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% [0013] 

The verifying means for verifying justice of 
instruction message verifies justice of instruction 
message by verifying, based on the registered personal 
authentication information with electronic signature, 
whether the instruction message sent from a user is the 
instruction issued from a user itself who has registered 
the account number or not and whether instruction content 
is tampered by the third party or not. 
[ 0014 ] 

The verifying means enables the information 
management institution to use, as required, the personal 
authentication information of the user who has registered 
the account number. 
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